John Horne wrote:
> As such you won't even be able to
> fiddle ipchains to try and determine your IP address when starting. You may
> need to connect to the ISP, get the IP address, put that into ipchains and
> then restart it. Messy, probably automatable, but again it may well work :-)

You can specify rules based on interface, but since Demon allocate static IP addresses I've never done this in anger.

Block everything, and then allow in the stuff from the Internet. If people are allowed to do things from the Internet, it is usually safe to let local IP addresses do the same thing!

Then allow the other things using only the local static IP addresses, and make sure that any packets arriving on the ppp0 interface with source addresses that ought to be inside are blocked (although I think Linux does some antispoofing by default, let's not rely on it).

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
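
The rule ordering described in this message, written out as an added example (not part of the original post): ipchains stops at the first matching rule, so the anti-spoofing DENY on ppp0 has to be loaded before any ACCEPT keyed on source address or port. The LAN range 192.168.1.0/24, the public ports 25 and 80, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed assumptions: external interface ppp0, internal
# range 192.168.1.0/24, public services SMTP (25) and HTTP (80).
EXT_IF="${EXT_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-25 80}"

# Print the input-chain commands in the order they must be loaded.
build_rules() {
    echo "ipchains -F input"
    echo "ipchains -P input DENY"              # block everything by default
    echo "ipchains -A input -i lo -j ACCEPT"   # local loopback traffic
    # Anti-spoofing: an inside source address arriving on the outside
    # interface is forged. Deny and log it before any ACCEPT can match.
    echo "ipchains -A input -i $EXT_IF -s $LAN_NET -j DENY -l"
    # Replies to outbound TCP connections (packets without SYN set).
    echo "ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT"
    # Services offered to the Internet; local addresses may use them too,
    # so these rules carry no source or interface restriction.
    for port in $PUBLIC_TCP_PORTS; do
        echo "ipchains -A input -p tcp -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # Everything else is allowed only from the local static addresses.
    echo "ipchains -A input -s $LAN_NET -j ACCEPT"
}

# Succeed only if the anti-spoof DENY precedes every non-loopback ACCEPT.
spoof_rule_first() {
    build_rules | awk -v ifc="$EXT_IF" -v net="$LAN_NET" '
        / -i lo / { next }
        index($0, "-i " ifc " -s " net " -j DENY") { deny = NR }
        / -j ACCEPT/ && !accept { accept = NR }
        END { exit !(deny && accept && deny < accept) }'
}

# Dry run by default; APPLY=1 (as root) loads the rules after the order check.
if [ "${APPLY:-0}" = "1" ]; then
    spoof_rule_first && build_rules | sh
else
    build_rules
fi
```

Moving the DENY line below the port rules would let a packet with a forged inside address reach port 25 or 80 from ppp0, which `spoof_rule_first` is there to catch.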